CVE-2025-47147 Overview
CVE-2025-47147 is a cleartext storage of sensitive information vulnerability (CWE-312) affecting the Gallagher Command Centre Mobile Client on Android and iOS platforms. This insecure data storage flaw allows an attacker with physical access to a logged-in Operator's mobile device to extract session tokens stored in plaintext, potentially enabling unauthorized access to the Command Centre system for a limited duration.
Critical Impact
An attacker with device access can extract authentication session tokens from cleartext storage, enabling session hijacking and unauthorized access to physical access control systems.
Affected Products
- Command Centre Mobile Client versions prior to 9.40.123 (Android)
- Command Centre Mobile Client versions prior to 9.40.123 (iOS)
Discovery Timeline
- 2026-03-03 - CVE-2025-47147 published to NVD
- 2026-03-03 - Last updated in NVD database
Technical Details for CVE-2025-47147
Vulnerability Analysis
This vulnerability stems from improper handling of sensitive authentication data within the Command Centre Mobile Client. The session token that authenticates an Operator's session with the Command Centre server is written to the device's local storage in cleartext. Mobile security practice calls for credentials and tokens at rest to be protected by the platform's secure storage mechanisms, such as the Android Keystore or the iOS Keychain, rather than written to ordinary application files or preferences.
The attack vector is local and requires physical access to a device with a logged-in session, which limits exploitability. Successful exploitation nonetheless compromises both confidentiality and integrity: the attacker can act as the legitimate Operator within the Command Centre system for as long as the stolen token remains valid.
Root Cause
The root cause of CVE-2025-47147 is the failure to protect sensitive authentication tokens before storing them on the device's local filesystem. The Command Centre Mobile Client stores session tokens in cleartext rather than using the secure storage APIs provided by Android and iOS. This is the insecure data storage weakness described in the OWASP Mobile Top 10 (M2 in the 2016 list, M9 in the 2024 list).
Attack Vector
Exploitation of this vulnerability requires local access to a mobile device where an Operator is currently logged into the Command Centre Mobile Client. The attack scenario typically involves:
- An attacker gains physical access to an unlocked mobile device with an active Command Centre session
- The attacker reads the application's local storage directory, using file system tools on a rooted or jailbroken device or by extracting a device backup that includes the application's data
- The session token is extracted from cleartext storage
- The attacker uses the stolen token to authenticate to the Command Centre system from another device or application
- The attacker can then perform actions within the system under the guise of the legitimate Operator until the session expires
The vulnerability manifests in the application's session management implementation where tokens are written to local storage without encryption. For detailed technical information, refer to the Gallagher Security Advisory.
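The practical check that follows from the scenario above is to confirm what an app actually leaves on disk. The script below is an example added to this page, not Gallagher code: it walks a directory snapshot of an app's data (for instance an unpacked backup from a test device you own) and reports JWT-shaped strings and token-like key/value pairs whose values look random. The directory layout, file names and contents it builds are constructed for the demonstration and are not the real client's layout; the entropy threshold and key-name list are assumptions to tune for the app under test.

```python
"""Scan an extracted app-data snapshot for cleartext session tokens.

Constructed example for this advisory page; the directory layout, file names
and contents below are made up and are NOT the Gallagher client's real layout.
Point scan_snapshot() at a directory obtained from a test device you own
(e.g. an unpacked backup) to check what an app leaves on disk in cleartext.
"""
import base64
import hashlib
import hmac
import json
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Compact JWS/JWT: three base64url segments; the header always starts with "eyJ" ({").
JWT_RE = re.compile(
    r"(?<![A-Za-z0-9_-])eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}(?![A-Za-z0-9_-])"
)
# key=value, key: value, or XML <string name="key">value with a token-like key name (assumed list).
KEY_VALUE_RE = re.compile(
    r"(?i)(session[_-]?token|auth[_-]?token|access[_-]?token|bearer)"
    r"[\"']?\s*[:=>]\s*[\"']?([A-Za-z0-9._~+/=-]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits/char: hex scores 4.0, base64 about 5-6, short English words usually less


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score well above prose."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list:
    """Return (kind, redacted_sample) pairs for token-like material in text."""
    hits = []
    for m in JWT_RE.finditer(text):
        hits.append(("jwt", m.group(0)[:12] + "..."))
    for m in KEY_VALUE_RE.finditer(text):
        key, value = m.group(1), m.group(2)
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            hits.append(("secret-like value", f"{key}={value[:8]}..."))
    return hits


def scan_snapshot(root: Path) -> list:
    """Walk every file (SQLite and other binaries included: a token stored in
    them is still plain ASCII) and report one finding per (file, kind)."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_bytes().decode("utf-8", errors="ignore")
        seen = set()
        for kind, sample in scan_text(text):
            if kind in seen:
                continue
            seen.add(kind)
            findings.append({"file": path.relative_to(root).as_posix(),
                             "kind": kind, "sample": sample})
    return findings


def make_demo_jwt() -> str:
    """A syntactically valid HS256 JWT signed with a throwaway demo key."""
    def b64url(b: bytes) -> str:
        return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": "operator1", "exp": 1700000000}).encode())
    sig = hmac.new(b"constructed-demo-key", f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def build_sample_snapshot() -> Path:
    """Constructed app-data directory: a cleartext JWT in a preferences file, a
    hex token in a properties file, and an encrypted store that must not be flagged."""
    root = Path(tempfile.mkdtemp(prefix="appdata-"))
    (root / "shared_prefs").mkdir()
    (root / "files").mkdir()
    (root / "shared_prefs" / "session.xml").write_text(
        '<?xml version="1.0" encoding="utf-8"?>\n<map>\n'
        f'    <string name="session_token">{make_demo_jwt()}</string>\n'
        '    <int name="session_timeout" value="900" />\n</map>\n'
    )
    (root / "files" / "legacy.properties").write_text(
        "operator=jdoe\nauth_token=0123456789abcdef0123456789abcdef\ntheme=dark\n"
    )
    blob = base64.b64encode(bytes(range(48))).decode()  # stands in for AES-GCM ciphertext
    (root / "files" / "secure_store.json").write_text(
        json.dumps({"ciphertext": blob, "iv": "AAAAAAAAAAAAAAAA"})
    )
    return root


if __name__ == "__main__":
    for f in scan_snapshot(build_sample_snapshot()):
        print(f"{f['file']}: {f['kind']} ({f['sample']})")
```

Run it against a snapshot taken before and after updating to 9.40.123: the pre-patch snapshot should show the token file, the post-patch one should show only opaque ciphertext (or nothing, if the token moved into the Keystore or Keychain and no longer appears in app files at all). Samples are redacted to their first characters so the report itself does not become a second cleartext copy of the token.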
Detection Methods for CVE-2025-47147
Indicators of Compromise
- Unusual session activity or access patterns from the same Operator account on multiple devices simultaneously
- Authentication logs showing connections from unexpected geographic locations or IP addresses
- Device posture changes reported by MDM (root or jailbreak status, developer mode or USB debugging enabled, recent backups), since mobile operating systems do not expose per-file access logs to administrators
- Session tokens being used after the legitimate user has logged out or changed devices
Detection Strategies
- Monitor Command Centre server logs for concurrent sessions from the same Operator credentials on different devices
- Implement device fingerprinting to detect session token reuse across different devices
- Enable audit logging for all Operator actions within Command Centre to establish baseline behavior
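The three server-side strategies above (concurrent sessions, token reuse across devices, use after logout) as replayable detection logic over a log, an example added to this page and not Gallagher tooling. The line format is assumed and the sample lines are constructed; map the fields (operator, session or token identifier, device identifier, source IP) onto whatever the Command Centre server actually records before running this against real data.

```python
"""Flag session-token reuse in Command Centre-style authentication logs.

Constructed example for this advisory page, not Gallagher's log format or
tooling: the line layout below is assumed. Map the fields to whatever the
server actually logs (operator, session or token identifier, device
identifier, source IP) before running this against real data.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>LOGIN|ACTION|LOGOUT)\s+(?P<kv>.*)$")

# Constructed sample: operator jdoe logs in on dev-A, the same session id later
# appears from dev-B (token copied off the device), then keeps being used after
# the legitimate logout; asmith opens a second session from a different device.
SAMPLE_LOG = """\
2026-03-04T08:00:01Z LOGIN operator=jdoe session=s1 device=dev-A ip=10.0.0.5
2026-03-04T08:05:10Z ACTION operator=jdoe session=s1 device=dev-A ip=10.0.0.5 action=OpenDoor
2026-03-04T08:30:22Z ACTION operator=jdoe session=s1 device=dev-B ip=203.0.113.9 action=ViewAlarms
2026-03-04T08:45:00Z LOGOUT operator=jdoe session=s1 device=dev-A ip=10.0.0.5
2026-03-04T08:50:03Z ACTION operator=jdoe session=s1 device=dev-B ip=203.0.113.9 action=OpenDoor
2026-03-04T09:00:00Z LOGIN operator=asmith session=s2 device=dev-C ip=10.0.0.7
2026-03-04T09:01:00Z LOGIN operator=asmith session=s3 device=dev-D ip=10.0.0.8
2026-03-04T09:02:00Z ACTION operator=asmith session=s2 device=dev-C ip=10.0.0.7 action=ViewAlarms
"""


@dataclass
class Session:
    operator: str
    device: str
    ip: str
    started: str


def parse_line(line: str):
    """Parse one assumed-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["kv"].split())
    return {"ts": m["ts"], "event": m["event"], **fields}


def detect(lines) -> list:
    """Replay the log in order and return alerts for token misuse patterns."""
    active = {}  # session id -> Session describing where the token was issued
    ended = {}   # session id -> logout timestamp
    alerts = []

    def alert(kind, rec, detail):
        alerts.append({"kind": kind, "ts": rec["ts"], "operator": rec["operator"],
                       "session": rec["session"], "detail": detail})

    for rec in map(parse_line, lines):
        if rec is None:
            continue
        sid, ev = rec["session"], rec["event"]
        if ev == "LOGIN":
            active[sid] = Session(rec["operator"], rec["device"], rec["ip"], rec["ts"])
            others = [s.device for k, s in active.items()
                      if k != sid and s.operator == rec["operator"] and s.device != rec["device"]]
            if others:
                alert("concurrent_sessions", rec, f"also active on {', '.join(others)}")
        elif ev == "ACTION":
            if sid in ended:
                alert("use_after_logout", rec,
                      f"session ended at {ended[sid]}, used from {rec['device']}")
            elif sid in active:
                issued = active[sid]
                # Bind on device id, not IP: a phone legitimately changes IP when it
                # moves between Wi-Fi and cellular, but its device id should not.
                if issued.device != rec["device"]:
                    alert("session_reuse_from_other_device", rec,
                          f"issued to {issued.device} ({issued.ip}), "
                          f"presented by {rec['device']} ({rec['ip']})")
            else:
                alert("unknown_session", rec, "no LOGIN seen for this session id")
        elif ev == "LOGOUT":
            active.pop(sid, None)
            ended[sid] = rec["ts"]
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a['ts']} {a['kind']:32} {a['operator']}/{a['session']}: {a['detail']}")
```

The use-after-logout rule is the one that matters most for this CVE: it only fires if the server still honours a token after the legitimate client signed out, which is exactly what the "force logout of all active mobile sessions" mitigation is meant to close. If the server already invalidates tokens at logout, that rule stays silent and the cross-device rule carries the detection.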
- Use mobile device management (MDM) compliance reporting to flag devices whose posture makes local storage extraction easier: rooted or jailbroken, USB debugging enabled, no screen lock, or backups permitted
Monitoring Recommendations
- Configure alerting for session anomalies such as impossible travel scenarios or simultaneous logins
- Regularly audit mobile device security posture through MDM compliance checks
- Restrict device backups through MDM policy where the platform supports it, and review compliance reports for enrolled devices where backups remain enabled
- Review Command Centre access logs periodically for signs of session hijacking
How to Mitigate CVE-2025-47147
Immediate Actions Required
- Update Command Centre Mobile Client to version 9.40.123 or later on all Android and iOS devices
- Force logout of all active mobile sessions to invalidate potentially compromised tokens
- Review recent Operator activity logs for any suspicious access patterns
- Implement device passcode/biometric authentication requirements via MDM policies
- Educate Operators about the importance of device security and not leaving devices unattended while logged in
Patch Information
Gallagher has released Command Centre Mobile Client version 9.40.123 which addresses this vulnerability by implementing proper encryption for session token storage. Organizations should update all deployed mobile clients to this version or later as soon as possible. For complete patch details and download information, refer to the Gallagher Security Advisory.
Workarounds
- Enforce automatic session timeout policies to minimize the window of opportunity for token theft
- Require device lock screens with strong PINs or biometric authentication
- Deploy MDM solutions to enforce device encryption and prevent unauthorized backup extraction
- Implement IP allowlisting for Command Centre access where operationally feasible
- Consider disabling mobile client access for high-privilege Operator accounts until the patch can be applied
# MDM Policy Configuration Example for Device Security
# Illustrative, vendor-neutral pseudo-commands, not a real MDM CLI: Intune,
# Jamf and similar products expose these controls under their own setting names
# Enforce screen lock with minimum PIN length
mdm_policy set screen_lock_enabled true
mdm_policy set minimum_pin_length 6
mdm_policy set biometric_authentication_allowed true
mdm_policy set automatic_lock_timeout 60        # assumed unit: seconds
# Prevent unauthorized backup extraction
mdm_policy set encrypted_backup_required true
mdm_policy set usb_debugging_blocked true
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

